IETF Logo Mail Archive

[SAFE] Addressing nested NAT issues for STUN control

Magnus Westerlund <magnus.westerlund@ericsson.com> Thu, 25 October 2007 13:41 UTC

Return-path: <safe-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Il2yC-00017L-Il; Thu, 25 Oct 2007 09:41:56 -0400
Received: from safe by megatron.ietf.org with local (Exim 4.43) id 1Il2yA-00014k-Pz for safe-confirm+ok@megatron.ietf.org; Thu, 25 Oct 2007 09:41:54 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Il2y5-0000yg-E3 for safe@ietf.org; Thu, 25 Oct 2007 09:41:49 -0400
Received: from mailgw3.ericsson.se ([193.180.251.60]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Il2y4-0003jt-6Z for safe@ietf.org; Thu, 25 Oct 2007 09:41:49 -0400
Received: from mailgw3.ericsson.se (unknown [127.0.0.1]) by mailgw3.ericsson.se (Symantec Mail Security) with ESMTP id BC25320783 for <safe@ietf.org>; Thu, 25 Oct 2007 15:41:42 +0200 (CEST)
X-AuditID: c1b4fb3c-ae67bbb0000007e1-32-47209d16885a
Received: from esealmw128.eemea.ericsson.se (unknown [153.88.254.121]) by mailgw3.ericsson.se (Symantec Mail Security) with ESMTP id AC777203F3 for <safe@ietf.org>; Thu, 25 Oct 2007 15:41:42 +0200 (CEST)
Received: from esealmw126.eemea.ericsson.se ([153.88.254.170]) by esealmw128.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.1830); Thu, 25 Oct 2007 15:41:42 +0200
Received: from [147.214.30.247] ([147.214.30.247]) by esealmw126.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.1830); Thu, 25 Oct 2007 15:41:42 +0200
Message-ID: <47209D16.7010902@ericsson.com>
Date: Thu, 25 Oct 2007 15:41:42 +0200
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: safe@ietf.org
X-Enigmail-Version: 0.95.4
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 25 Oct 2007 13:41:42.0490 (UTC) FILETIME=[C6F2B3A0:01C8170C]
X-Brightmail-Tracker: AAAAAA==
X-Spam-Score: -1.0 (-)
X-Scan-Signature: 39bd8f8cbb76cae18b7e23f7cf6b2b9f
Subject: [SAFE] Addressing nested NAT issues for STUN control
X-BeenThere: safe@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Self-Address Fixing Evolution <safe.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/safe>, <mailto:safe-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/safe>
List-Post: <mailto:safe@ietf.org>
List-Help: <mailto:safe-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/safe>, <mailto:safe-request@ietf.org?subject=subscribe>
Errors-To: safe-bounces@ietf.org

Hi,

Isn't there a related issue to what is brought up in section 8.1 in that
the STUN client will be able to send packets to that NAT.

If a NAT on the path has the same address as another NAT then you can
only send to the closest one.

STUN Client 192.168.1.2

NAT-A 192.168.1.1/10.0.0.45

NAT-B 10.0.0.1/192.168.1.2

NAT-C 192.168.1.1/192.0.2.53

In this case the STUN client can't send to NAT-B as there is no external
address which routes from STUN client to NAT-B.

Have you thought of this problem? I think this one is more serious as
private address spaces used on the internal side are limited to a few
common ones. And here it is likely that even if the client in the above
example wasn't using 192.168.1.2 then another host in his private
network would.

cheers

Magnus Westerlund

IETF Transport Area Director & TSVWG Chair
----------------------------------------------------------------------
Multimedia Technologies, Ericsson Research EAB/TVM/M
----------------------------------------------------------------------
Ericsson AB                | Phone +46 8 4048287
Torshamsgatan 23           | Fax   +46 8 7575550
S-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------


_______________________________________________
SAFE mailing list
SAFE@ietf.org
https://www1.ietf.org/mailman/listinfo/safe

v2.23.0 | Report a Bug | By Email